Open yassine-ouaamou opened 2 weeks ago
@yassine-ouaamou sorry but i am creating it between organisation and sector
sorry, there is one place i used individual, will modify it 👍
Thanks @sudesh0sudesh! Why would you need to link an Individual with a Sector? Can you share with us an example, please?
Nope, it was a mistake, I was testing organisations with name less than two words, I should have replaced it in organisation.
I noticed that the connector ingests the full data each time: This is a blocking behaviour as it will impact the performance of the platform. Is it possible to implement an offset in order to fetch only the new data?
It will not be ingesting full data, it is limited to past 24 hrs. Sometimes, there may be an updated dataset with the same timestamp in the fields. I can adjust the capture window to be between the previous run and the current run, but this may cause some issues with certain reports.
On the other hand, they can decrease the frequency of ingestion
What could be the issues with the reports in the case you are describing?
Few of those are Wrong Country assignment, assignments to Wrong org.
I'm also observed where the victim is linked to a part of Diplomacy when the sector field in ransomeware.live is blank and the victim has nothing to do with Diplomacy.
It would be great to be able to turn off the generation of threat actors. I'm using intrusion sets exclusively instead of threat actors to keep things simple.
@seanthegeek will be looking at both of those, will priortise sector and will be making threat actors optional in future release
@sudesh0sudesh Thanks. I just thought of other improvements for future releases:
The ransomware.live does not currently provide the list of tools or YARA rules via the API. I'll contact them about that. The reference links are included in a list named profile
though.
Following some tests after the improvements made by @sudesh0sudesh in this issue https://github.com/OpenCTI-Platform/connectors/issues/2351 , here are two other improvements I see:
The relationship type part-of is not allowed between Individual and Sector